In recent years, with the popularization of a third generation mobile communications (3G) network, smartphones have become the fastest-growing information industry (Information Technology, IT) products.
Fast-growing smart mobile devices bring the information era into a new development climax. However, excessive demands are made on improvement of application performance of the smart mobile devices, and development of security performance is ignored, resulting in that development of security performance of the mobile devices lags behind, and a potential security problem of mobile phones is gradually exposed. For secure starting of smart mobile devices, in the prior art, a method of performing starting from an external security unit, that is, the external security unit is connected to an embedded device by using a communications interface, to provide a security function for the embedded device. When a device is started, the embedded device first needs to determine existence of the external security unit, to prevent unauthorized starting from bypassing an external root of trust of a chain of trust, a system boot program is then loaded, the boot program invokes the security unit to perform integrity measurement on a kernel of an operating system, and after verification succeeds, the kernel is started.
However, the method used in the prior art has the following disadvantages: The external security unit needs to communicate with a smart mobile device by using an external interface, and a general mobile communications terminal does not provide such an external interface, and therefore an application range of the method used in the prior art is limited. Second, according to a starting solution, the kernel can be started as long as existence of the external security unit is verified before starting is performed. Therefore, in this solution, a possibility that unauthorized starting bypasses a security unit is relatively high, and kernel starting security is relatively low.